The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek smartphone chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
Summary
| Severity | CVEs |
|---|---|
| High | CVE-2021-0681, CVE-2021-0680, CVE-2021-32484, CVE-2021-32485, CVE-2021-32486, CVE-2021-32487 |
| Medium | CVE-2021-0421, CVE-2021-0422, CVE-2021-0423, CVE-2021-0424, CVE-2021-0425, CVE-2021-0610, CVE-2021-0611, CVE-2021-0612, CVE-2021-0660 |
Details
| CVE | CVE-2021-0681 |
|---|---|
| Title | Exposure of sensitive information to an unauthorized actor in system properties |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| Description | In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893 |
| Affected Software Versions | Android 8.1, 9.0, 10.0, 11.0 |
| CVE | CVE-2021-0680 |
|---|---|
| Title | Exposure of sensitive information to an unauthorized actor in system properties |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| Description | In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6739, MT6750S, MT6755S, MT6757CD, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT8167, MT8168, MT8173, MT8183 |
| Affected Software Versions | Android 8.1, 9.0, 10.0 |
| CVE | CVE-2021-32484 |
|---|---|
| Title | Heap-based buffer overflow in Modem 2G RRM |
| Severity | High |
| Vulnerability Type | RCE |
| CWE | CWE-122 Heap-based Buffer Overflow |
| Description | In modem 2G RRM, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution, when device is connecting to 2G cellular network, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6783, MT6785, MT6785T |
| Affected Software Versions | Modem LR12A, LR13 |
| CVE | CVE-2021-32485 |
|---|---|
| Title | Heap-based buffer overflow in Modem 2G RRM |
| Severity | High |
| Vulnerability Type | RCE |
| CWE | CWE-122 Heap-based Buffer Overflow |
| Description | In modem 2G RRM, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution, when device is connecting to 2G cellular network, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6783, MT6785, MT6785T |
| Affected Software Versions | Modem LR12A, LR13 |
| CVE | CVE-2021-32486 |
|---|---|
| Title | Heap-based buffer overflow in Modem 2G RRM |
| Severity | High |
| Vulnerability Type | RCE |
| CWE | CWE-122 Heap-based Buffer Overflow |
| Description | In modem 2G RRM, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution, when device is connecting to 2G cellular network, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6783, MT6785, MT6785T |
| Affected Software Versions | Modem LR12A, LR13 |
| CVE | CVE-2021-32487 |
|---|---|
| Title | Heap-based buffer overflow in Modem 2G RRM |
| Severity | High |
| Vulnerability Type | RCE |
| CWE | CWE-122 Heap-based Buffer Overflow |
| Description | In modem 2G RRM, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution, when device is connecting to 2G cellular network, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6783, MT6785, MT6785T |
| Affected Software Versions | Modem LR12A, LR13 |
| CVE | CVE-2021-0421 |
|---|---|
| Title | Out-of-bounds read in memory management driver |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0422 |
|---|---|
| Title | Denial of service in memory management driver |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-400 Denial of Service |
| Description | In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0423 |
|---|---|
| Title | Information disclosure in memory management driver |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-200 Information Disclosure |
| Description | In memory management driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0424 |
|---|---|
| Title | Denial of service in memory management driver |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-400 Denial of Service |
| Description | In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0425 |
|---|---|
| Title | Information disclosure in memory management driver |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-200 Information Disclosure |
| Description | In memory management driver, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0610 |
|---|---|
| Title | Integer overflow or wraparound in memory management driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-190 Integer Overflow or Wraparound |
| Description | In memory management driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0611 |
|---|---|
| Title | Use after free in m4u |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-416 Use After Free |
| Description | In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0612 |
|---|---|
| Title | Use after free in m4u |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-416 Use After Free |
| Description | In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0660 |
|---|---|
| Title | Improper check or handling of exceptional conditions in ccu |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-703 Improper Check or Handling of Exceptional Conditions |
| Description | In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6779, MT6853, MT6873, MT6885 |
| Affected Software Versions | Android 10.0, 11.0 |
Vulnerability Type Definition
| Abbreviation | Definition |
|---|---|
| RCE | Remote Code Execution |
| EoP | Elevation of Privilege |
| ID | Information Disclosure |
| DoS | Denial of Service |
| N/A | Classification not available |
Versions
| Version | Date | Description |
| 1.0 | September 1, 2021 | Bulletin published. |
| 1.1 | January 13, 2022 | Revised CVE table |
Notes
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.